You are not logged in.
- Topics: Active | Unanswered
#1 2026-01-22 18:55:23
- menteith
- Member
- Registered: 2022-01-18
- Posts: 50
after failing to set up secure boot, Arch will not boot
Hi,
after I installed packages needed to enable secure boot but not finished setting this up, I cannot boot my Arch. The error message is that /boot cannot be mounted. Using live CD (I have only Debian) I can mount /boot without any problems. Debian can install packages that have arch-chroot.
I use systemd to boot Arch and UKI.
All output of command are from live CD.
$ lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS
loop0 7:0 0 2.8G 1 loop /mnt/run/live/rootfs/filesystem.squashfs
/usr/lib/live/mount/rootfs/filesystem.squashfs
/run/live/rootfs/filesystem.squashfs
sda 8:0 1 14.6G 0 disk
├─sda1 8:1 1 3.3G 0 part /mnt/run/live/medium
│ /usr/lib/live/mount/medium
│ /run/live/medium
└─sda2 8:2 1 4.7M 0 part
nvme0n1 259:0 0 953.9G 0 disk
├─nvme0n1p1 259:1 0 4.3G 0 part /mnt/boot
├─nvme0n1p2 259:2 0 35.7G 0 part /mnt
└─nvme0n1p3 259:3 0 913.6G 0 part /media/user/home$ efibootmgr -v
BootCurrent: 000E
Timeout: 1 seconds
BootOrder: 0005,000A,000E,000C,000D,0004,0001,000B,0000
Boot0000* Lenovo Cloud PciRoot(0x0)/Pci(0x1c,0x0)/Pci(0x0,0x0)/MAC(c4c6e6d6d430,0)/IPv4(0.0.0.00.0.0.0,0,0)/Uri(https://download.lenovo.com/pccbbs/cdeploy/efi/boot.efi)
Boot0001* UEFI: HTTP IPv4 Realtek PCIe GBE Family Controller PciRoot(0x0)/Pci(0x1c,0x0)/Pci(0x0,0x0)/MAC(c4c6e6d6d430,0)/IPv4(0.0.0.00.0.0.0,0,0)/Uri()..BO
Boot0004* Win VDI Boot PciRoot(0x0)/Pci(0x1c,0x0)/Pci(0x0,0x0)/MAC(c4c6e6d6d430,0)/IPv4(0.0.0.00.0.0.0,0,0)/Uri(https://download.lenovo.com/pccbbs/cdeploy/vdiboot/efi/vdi.efi)
Boot0005* Linux Boot Manager HD(1,GPT,be979e68-141b-42bd-b94c-4abced10860b,0x800,0x882000)/File(\EFI\systemd\systemd-bootx64.efi)
Boot000A* UEFI: PXE IPv4 Realtek PCIe GBE Family Controller PciRoot(0x0)/Pci(0x1c,0x0)/Pci(0x0,0x0)/MAC(c4c6e6d6d430,0)/IPv4(0.0.0.00.0.0.0,0,0)..BO
Boot000B* UEFI: HTTP IPv6 Realtek PCIe GBE Family Controller PciRoot(0x0)/Pci(0x1c,0x0)/Pci(0x0,0x0)/MAC(c4c6e6d6d430,0)/IPv6([::]:<->[::]:,0,0)/Uri()..BO
Boot000C* UEFI: PXE IPv6 Realtek PCIe GBE Family Controller PciRoot(0x0)/Pci(0x1c,0x0)/Pci(0x0,0x0)/MAC(c4c6e6d6d430,0)/IPv6([::]:<->[::]:,0,0)..BO
Boot000D* UEFI OS HD(1,GPT,be979e68-141b-42bd-b94c-4abced10860b,0x800,0x882000)/File(\EFI\BOOT\BOOTX64.EFI)..BO
Boot000E* UEFI: General USB Flash Disk 1100 PciRoot(0x0)/Pci(0x14,0x0)/USB(3,0)/CDROM(1,0x1a94,0x9500)..BO$ cat /mnt/boot/loader/loader.conf
default arch.conf
timeout 0
console-mode auto$ cat /mnt/boot/loader/entries/arch.conf
title Arch Linux
linux /EFI/Linux/arch-linux.efi$ ls /mnt/boot
EFI initramfs-linux-fallback.img initramfs-linux.img loader RECOVERY.CAP vmlinuz-linuxHere's my fstab:
# /dev/nvme0n1p1
UUID=EA07-07D3 /boot vfat rw,relatime,fmask=0022,dmask=0022,codepage=437,iocharset=ascii,shortname=mixed,utf8,errors=remount-ro 0 2
# /dev/nvme0n1p2 LABEL=root
UUID=32bb1778-d9ad-4404-acad-978d647bfac5 / ext4 rw,relatime 0 1
# /dev/nvme0n1p3 LABEL=home
UUID=55079268-6969-498f-b4b5-17802f2cbbf0 /home ext4 rw,relatime 0 2Please let me know if you need other information to help me with my problem.
Cheers!
Last edited by menteith (2026-01-22 18:56:41)
Long time Debian user who switched to Arch.
Offline
#2 2026-01-23 11:40:20
- astralc
- Member
- Registered: 2022-09-17
- Posts: 127
Re: after failing to set up secure boot, Arch will not boot
check how you create the UKI (even re-create it), and what really loading, even add timeout to sd-boot config. you maybe not loading the correct UKI, or the UEFI reaching some fallback entry because it not sd-boot/UKI not signed .
Add the UKI creation config, and HOW you add signing. There are multiple ways.
the symptom match cases when the loaded kernel does not have matching modules in /usr/lib/modules/
Offline